About the job
The Red Hat Product Security team is looking for a Senior Product Security Engineer to join us in the U.S. In this role, your primary focus will be software supply chain security. You will perform audits and assessments of systems and assist in improving robust DevSecOps practices from a security architectural point of view. As a Senior Product Security Engineer, you will help protect our customers from security risks through secure software curation and maintenance practices and policies. You'll help us protect against logical security threats and provide quality information needed to mitigate and accept risk and privacy concerns. Using open source principles every day, you will work with stakeholders across the Red Hat portfolio of offerings and solutions. You'll perform security assessments and risk analysis through threat modeling in Red Hat solutions and supported applications, applying methods to minimize risk within traditional datacenters, cloud deployments, and container environments, prioritizing them as appropriate for escalation. As a Senior Product Security Engineer, you'll need to be able to think fast to analyze complex problems and you'll be called upon to exercise judgment to prioritize issues that warrant immediate attention. You'll collaborate with Red Hat engineers and security analysts to help protect customers from these security threats. Red Hat has offices across the United States and well qualified, home-based, security engineers will also be considered to work remotely.
What you will do

• Consultation for technical implementation and remediation of issues
• Rapidly respond and provide quality in-depth analysis of security code and coding practices
• Audit software build and packaging processes to identify risks and risk mitigation strategies
• Prioritize tasks to ensure that serious issues receive immediate attention, including vulnerabilities, configurations, communication paths, and encryption
• Communicate quickly and efficiently with internal stakeholders about security issues and vulnerabilities
• Create technical documentation about vulnerabilities, including proposed mitigations and fixes, in a clear and easy-to-understand manner
• Partner closely with stakeholders to assist with producing technical solutions to technical problems
• Understand current and emerging threats and threat vectors in the enterprise product space

What you will bring

• 5+ years of experience in current security software technologies and threat modeling
• Solid background in software management practices, including source code management, secure deployment of software, continuous integration (CI) or continuous delivery (CD), and other release engineering practices
• Solid background in agile and DevSecOps practices
• Understanding of modern container technologies
• Fluent written and verbal communication skills in English
• Ability to work in a fast-paced environment with diverse teams distributed across the globe

The following are considered a plus:

• Familiarity with open source software and open source as a business model
• Experience and proficiency with Linux operating systems
• Debugging and analysis experience using GDB, Valgrind, strace, and other programming-level or system-level debuggers
• Programming experience with C or C++; proficiency in multiple languages, including Python, Java, Ruby, or Go is a big plus
• Knowledge of Red Hat's product portfolio of open source software solutions
• Bachelor's degree in a technology-related discipline, preferably in computer science or engineering

About Red Hat
Red Hat is the world's leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.
Benefits

• Comprehensive medical, dental, and vision coverage
• Flexible Spending Account - healthcare and dependent care
• Health Savings Account - high deductible medical plan
• Retirement 401(k) with employer match
• Paid time off and holidays
• Paid parental leave plans for all new parents
• Leave benefits including disability, paid family medical leave, and paid military leave
• Additional benefits including employee stock purchase plan, family planning reimbursement, tuition reimbursement, transportation expense account, employee assistance program, and more!

Note: These benefits are only applicable to full time, permanent associates at Red Hat located in the United States.